Proprietary Risk Management Clearinghouse

ABSTRACT

A computerized risk management method and system for facilitating analysis and quantification of risk associated with a risk subject on a proprietary basis. A proprietary risk management system combines gathered information with information received from a source such as an automated risk management clearinghouse system and maintains a database to relate risk variables and calculate a measurement of risk. The measurement, which can be a risk quotient or other rating based upon a weighted algorithm applied to the risk variables, is indicative of risk associated with the risk subject. Actions commensurate with a risk quotient can be presented to a user to facilitate management of risk associated with a particular entity or transaction or other transaction. A stored history can be created to mitigate adverse effects relating to a problematic transaction.

CROSS REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of the filing date of U.S. Provisional application no. 60/390,459 entitled “Proprietary Risk Management”, filed Jun. 20, 2002. This application is a continuation-in-part of a prior application entitled “Risk Management Clearinghouse” filed Feb. 12, 2002 and bearing the Ser. No. 10/074,584, as well as being a continuation-in-part of a prior application entitled “Risk Management Clearinghouse” filed Oct. 30, 2001, and bearing the Ser. No. 10/021,124, which is also a continuation-in-part of a prior application entitled “Automated Global Risk Management” filed Mar. 20, 2001, and bearing the Ser. No. 09/812,627, all of which are relied upon and incorporated by reference.

BACKGROUND

This invention relates generally to a method and system for facilitating the identification, investigation, assessment and management of legal, regulatory, financial and reputational risks (“Risks”). In particular, the present invention relates to a computerized system and method for banks and non-bank financial institutions to access information compiled on a worldwide basis and relate such information to a risk subject, such as a transaction at hand, wherein the information is conducive to quantifying and managing financial, legal, regulatory and reputational risk associated with the transaction.

As money-laundering and related concerns have become increasingly important public policy concerns, regulators have attempted to address these issues by imposing increasing formal and informal obligations upon financial institutions. Government regulations authorize a broad regime of record-keeping and regulatory reporting obligations on covered financial institutions as a tool for the federal government to use to fight drug trafficking, money laundering, and other crimes. The regulations may require financial institutions to file currency and monetary instrument reports and to maintain certain records for possible use in tax, criminal and regulatory proceedings. Such a body of regulation is designed chiefly to assist law enforcement authorities in detecting when criminals are using banks and other financial institutions as intermediaries for, or to hide the transfer of funds derived from, criminal activity.

Obligations include those imposed by the Department of the Treasury and federal banking regulators which adopted suspicious activity report (“SAR”) regulations. These SAR regulations require that financial institutions file SARs whenever an institution detects a known or suspected violation of federal law, or a suspicious transaction related to a money laundering activity or a violation of the Bank Secrecy Act (BSA). The regulations can impose a variety of reporting obligations on financial institutions. Perhaps most broadly relevant for the present invention, they require an institution to report transactions aggregating to $5,000 that involve potential money laundering or violations if the institution knows, suspects, or has reason to suspect that the transaction involves funds from illegal activities, is designed to disguise such funds, has no business or legitimate purpose, or is simply not the sort of transaction in which the particular customer would normally be expected to engage, and the institution knows of no reasonable explanation for the transaction after examining the available facts.

For example, banks must retain a copy of all SARs and all supporting documentation or equivalent business records for 5 years from the date of the filing of the SAR. Federal banking regulators are responsible for determining financial institutions' compliance with the BSA and implementing regulations.

Federal regulators have made clear that the practical effect of these requirements is that financial institutions are subject to significant obligations to “know” their customer and to engage in adequate monitoring of transactions.

Bank and non-bank financial institutions, including: investment banks; merchant banks; commercial banks; securities firms, including broker dealers, securities and commodities trading firms; asset management companies, hedge funds, mutual funds, credit rating funds, securities exchanges and bourses, institutional and individual investors, law firms, accounting firms, auditing firms, any institution the business of which is engaging in financial activities as described in section 4(k) of the Bank Holding Act of 1956, and other entities subject to legal and regulatory compliance obligations with respect to money laundering, fraud, corruption, terrorism, organized crime, regulatory and suspicious activity reporting, sanctions, embargoes and other regulatory risks and associated obligations, hereinafter collectively referred to as “Financial Institutions,” typically have few resources available to them to assist in the identification of present or potential risks associated with business transactions.

Risk can be multifaceted and far reaching. Generally, personnel do not have available a mechanism to provide real time assistance to assess a risk factor or otherwise qualitatively manage risk. In the event of problems, it is often difficult to quantify to regulatory bodies, shareholders, newspapers and other interested parties, the diligence exercised by the Financial Institution to properly identify and respond to risk factors. Absent a means to quantify good business practices and diligent efforts to contain risk, a Financial Institution may appear to be negligent in some respect.

Risk associated with an account involved in international transactions can be greatly increased due to the difficulty in gathering and accessing pertinent data on a basis timely to managing risk associated with the transaction. As part of due diligence associated with performing financial transactions, it may be important for a Financial Institution to “Know Their Customer” including whether a customer is contained on a list of restricted entities published by the Office of Foreign Assets Control (OFAC), the Treasury Office or other government or industry organization.

What is needed is a method and system to draw upon information gathered and utilize the information to assist with risk management and due diligence related to financial transactions. A new method and system should anticipate offering guidance to personnel who interact with clients and help the personnel identify high risk situations. In addition, it should be situated to convey risk information to a compliance department and be able to demonstrate to regulators that a Financial Institution has met standards relating to risk containment.

SUMMARY

Accordingly, the present invention provides a risk management method and system for facilitating analysis and quantification of risk associated with a financial transaction. A proprietary risk management clearinghouse (PRM) system maintains a database that can relate risk variables including confidential and non-confidential information, such as information relating to prior transactions and accounts, world events, government advisories, and other information. The PRM system can be accessed directly or tied into front end or backend systems to automatically monitor transactions. A rating system is used to assess risk based upon criteria such as risk advisories, historical data, interpretation of world events or other variables that can affect risk.

A PRM system can generate a risk quotient or other rating based upon a weighted algorithm applied to the variables, wherein the risk quotient is indicative of risk associated with a transaction or an account. The quotient can be monitored on a periodic basis, during the course of a transaction, upon account opening or on demand. Actions commensurate with a risk quotient can be presented to a Financial Institution to help the institution properly manage risk associated with a particular entity or transaction, or other risk subject.

One or more reports can also be generated which are related to one or more risk variables searched by the PRM system 112. In various embodiments, the reports can include informational data returned by a Risk query, any related informational artifacts, descriptions of informational artifacts, other data related to one or more risk variables or compilation or summary of data related to one or more risk variable, one or more risk quotients or other quantitative value for a Risk assessment or summaries of information resulting from any related Risk inquiry. The reports can include, for example, any one or more of: informational data, informational artifacts and descriptions of informational artifacts, one or more risk quotients.

Some implementations of the present invention provide computer implemented methods and systems for managing Risks wherein data descriptive of informational artifacts and with content related to Risks, such as, for example, at least one of: reputational risk, regulatory risk and legal risk; can be received into a computer system. Risk variables can be defined which are generally related to one or more financial transactions. Proprietary data descriptive of a particular financial transaction can also be received into the computer system and one or more risk variables identified with the received data descriptive of the financial transaction.

Informational artifacts with content related to Risk can be associated with the risk variables identified and a report can be generated for use within a predefined organization. The report can include, for example, a description of the informational artifacts associated with the risk variables identified.

In some embodiments a suggested action can be generated based upon the content of the informational artifacts. Some embodiments can also include generation of a risk quotient that is indicative of an amount of Risk.

Still other embodiments can include methods and systems for conducting a financial transaction. Details descriptive of a particular financial transaction can be transmitted to a computer system accessible via a communications network. The computer server can be operative with executable software to receive the details descriptive of the particular financial transaction and also receive data descriptive of informational artifacts with content related to Risk, such as for example, at least one of: reputational risk, regulatory risk and legal risk. One or more risk variables can be identified with the data descriptive of the particular financial transaction and at least one informational artifact can be associated with the risk variables identified. The computer server can transmit the data descriptive of the content of the informational artifact that is associated with the risk variables to a subscriber conducting the financial transaction.

The subscriber can receive the data descriptive of the content of the informational artifact and determine a course of action related to the financial transaction based upon the received data.

In another aspect, the present invention can include a method and system for a user to interact with a network access device so as to manage risk relating to a risk subject. The user can initiate interaction with a proprietary risk management server via a communications network and input information relating to details of the risk subject, such as, for example, via a graphical user interface, and receive back a risk quotient indicative of a level of risk associated with the risk subject. A user can also receive a suggested action designed to mitigate risk associated with the risk subject. The risk quotient can be, for example, a numerical value and a typical risk subject may be a particular Financial Transaction.

Various features and embodiments are further described in the following figures, drawings and claims.

DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a block diagram that can embody this invention.

FIG. 2 illustrates a network of computer systems that can embody an automated PRM system.

FIG. 3 illustrates a flow of exemplary steps that can be executed by a PRM system.

FIG. 4 illustrates a flow of exemplary steps that can be taken by a user of the PRM system.

FIG. 5 illustrates an exemplary graphical user interface useful for gathering information according to the present invention.

FIG. 6 illustrates an exemplary graphical user interface useful for presenting reports related to proprietary risk management.

DETAILED DESCRIPTION

The present invention includes a computerized method and system for managing risk associated with Financial Transactions including those with international exposure. A computerized system gathers and stores information in a database or other data storing structure and relates the information to Risk factors pertaining to Financial Transactions. Informational Artifacts and/or data descriptive of Informational Artifacts and a source of any Information Artifact can also be stored. A Subscriber, such as a Financial Institution, can receive information from a Risk management clearinghouse and, if desired, also supply information, into a proprietary database and query the database. Queries can be automated and made a part of standard operating procedure for each transaction conducted by the Subscriber. In some embodiments, a rating system can be used by a Subscriber to assess risk based upon the information received and the Risk factors.

DEFINITIONS

Financial Institution: Financial Institution refers to any person, entity, company, corporation or statutory “person” in the business of providing Financial Transactions. As such, as used herein, a Financial Institution can collectively and individually include: Bank and non-bank financial institutions, including: investment banks; merchant banks; commercial banks; securities firms, including broker dealers, securities and commodities trading firms; asset management companies, other hedge funds, mutual funds, credit rating funds, securities exchanges and bourses, institutional and individual investors, law firms, accounting firms, auditing firms, any institution the business of which is engaging in financial activities as described in section 4(k) of the Bank Holding Act of 1956, and other entities subject to legal and regulatory compliance obligations with respect to money laundering, fraud, corruption, terrorism, organized crime, regulatory and suspicious activity reporting, sanctions, embargoes and other regulatory risks and associated obligations.

Financial Transaction: a Financial Transaction refers to any action that anticipates a transfer of money from a first set of one or more Transaction Participants to a second set of one or more Transaction Participants. Examples of Financial Transactions can include: investment and merchant banking, public and private financing, commodities and securities trading, commercial and consumer lending, asset management, rating of corporations and securities, public and private equity investment, public and private fixed income investment, listing of companies on a securities exchange and bourse, employee screening, auditing of corporate or other entities, legal opinions relating to a corporate or other entity, or other business related transactions; a transaction involving any transfer of funds and: an insurance company, a credit card issuer, a trading exchange, a government regulator, a law enforcement agency, an investment and/or merchant bank, public and private financing, commodities and securities trading, commercial and consumer lending, asset management, a rating of corporations and securities, public and private equity investments, public and private fixed income investments, the listing of companies on securities exchanges and bourses; and employee screening.

Informational Artifact: Informational Artifact refers to a media item that contains information that can be interpreted into a humanly ascertainable form. Examples of Informational Artifacts include: a news article, a news feed portion, a video segment, a newscast, a report, an identifiable document, an agency listing, a list, a government publication, other identifiable publication, a sound bite, a sound recording, or other media item.

Proprietary Risk Management Clearinghouse (PRM): PRM refers to computerized systems and methods available to Subscribers permitted to access the computerized systems under the authorization of a parent entity. The computerized systems and methods are utilized for managing Risks and associating information and/or informational artifacts useful for quantifying Risk with a Risk subject. Generally, the functionality of a PRM is equivalent to functionality provided by an RMC system, except that data stored in the PRM and access to the PRM can be kept proprietary to the parent entity or some other designated group of users.

Risks: Risks associated with a financial transaction can include factors associated with security risk, financial risk, legal risk, regulatory risk and reputational risk. A Security Risk refers to breach of a safety measure that may result in unauthorized access to a facility; unauthorized access to data; physical harm, including threat of immediate risk of harm to a person or goods. Financial Risk refers to factors indicative of monetary costs that the Risk Bearing Institution or a Transaction Participant may be exposed to as a result of a particular Financial Transaction. Monetary costs can be related to fines, forfeitures, costs to defend an adverse position, lost revenue, or other related potential sources of expense. Regulatory Risk refers to factors that may cause the Risk Bearing Institution or Transaction Participant to be in violation of rules put forth by a government entity or regulatory agency. Reputational risk relates to harm that a Risk Bearing Institution or Transaction Participant may suffer regarding its professional standing in an industry or the public eye. A Risk Bearing Institution and Transaction Participant can suffer from being associated with a situation that may be interpreted as contrary to an image of diligence, honesty and forthrightness.

Risks may be related to the duty to disclose material information, to report and possibly prevent: fraud, money laundering, foreign corrupt practices, bribery, embargoes and sanctions. Timely access to relevant data on which to base a regulatory or reputational Risk related action can be critical to conducting business and complying with regulatory requirements such as those set forth by the Patriot Act in the United States.

Risk Management Clearinghouse (RMC): RMC refers to computerized systems and methods for managing Risks and associating information and/or informational artifacts useful for quantifying Risk with a Risk subject, as more fully described in the related patent applications: Ser. No. 10/074,584 entitled “Risk Management Clearinghouse” filed Feb. 12, 2002, and U.S. patent application Ser. No. 10/021,124 entitled “Risk Management Clearinghouse” filed Oct. 30, 2001.

Risk Quotient: Risk Quotient refers to a quantitative value of an amount of Risk; a Risk Quotient can be based upon a weighted algorithm applied to the Risk criteria and informational artifacts.

Subscriber: Subscriber refers to any person or entity authorized to access an RMC system 106.

Transaction Participant: Transaction Participant refers to a person who will partake in a Financial Transaction.

Elements

Referring now to FIG. 1, a block diagram of one embodiment of the present invention is illustrated. A Risk Management Clearinghouse (RMC) system 106 receives information which may be related to a Financial Transaction, or a participant to a Financial Transaction. Information is received, for example, from publicly available sources, Subscribers, investigation entities, or other sources. The information is constantly updated and can be related to a Financial Transaction or an alert list in order to facilitate compliance with regulatory requirement. Updated information is transmitted to a Proprietary Risk Management (PRM) system 112. The PRM system 112 can be utilized to perform risk management functions for a Subscriber institution 121.

Typically a Subscriber 121 will house a computerized PRM system 112 that receives an electronic feed from a PRM system 112. A Subscriber 121 can include, for example: a securities broker, a retail bank, a commercial bank, investment and merchant bank, private equity firm, asset management company, a mutual fund company, a hedge fund firm, insurance company, a credit card issuer, retail or commercial financier, a securities exchange, a regulator, a money transfer agency, or other entity.

Public information can be received into the RMC system 106 or the PRM system 112 from a variety of sources, including, for example: a list generated by the Office of Foreign Assets Control (OFAC) 101 including their sanction and embargo list, a list generated by the U.S. Commerce Department 102, a list of international “kingpins” generated by the U.S. White House 103, U.S. regulatory actions 104 or other information source 105 such as a foreign government, U.S. adverse business-related media reports, U.S. state regulatory enforcement actions, international regulatory enforcement actions, international adverse business-related media reports, a list of politically connected individuals and military leaders, list of U.S. and international organized crime members and affiliates or a list of recognized high risk countries. Court records or other references relating to fraud, bankruptcy, professional reprimand or a rescission of a right to practice, suspension from professional ranks, disbarment, prison records or other source of suspect behavior can also be an important source of information.

Information entered by a Subscriber into a PRM system 112 may be information gathered according to normal course of dealings with a particular entity or as a result of a concerted investigation. In addition, since the PRM system is proprietary and a Subscriber responsible for the information contained therein can control access to the information contained therein, the PRM system can include information that is public or proprietary.

However, if desired, it can be made possible for information entered into the PRM system 112 to be shared with a RMC system 106 which contains informational data generally available to other Subscribers who may not be held by any duty of confidentiality and/or available to the public as a whole. Informational data can be shared, for example via an electronic transmission or transfer of electronic media. However, PRM system 112 data may be subject to applicable local or national law, and safeguards should be adhered to in order to avoid violation of such law through data sharing practices. In the event that a Subscriber, or other interested party, discovers or suspects that a person or entity is involved in a fraudulent or otherwise illegal activity, the system can report related information to an appropriate authority.

A Financial Institution will often be closely regulated. As a result Financial Institutions are exposed to significant risks from their obligations of compliance with the law and to prevent, detect and, at times, report potential violations of laws, regulations and industry rules (“laws”). These risks include, but are not limited to, the duty to disclose material information, and to prevent and possibly report: fraud, money laundering, foreign corrupt practices, bribery, embargoes and sanctions. Through a series of structured questions and weighting of information received as answers, Financial Institutions can structure a risk exposure and receive suggested responses to a specific risk scenario.

A decision by a Financial Institution concerning whether to pursue a Financial Transaction can be dependent upon many factors. A multitude and diversity of risks related to the factors may need to be identified and evaluated. In addition, the weight and commercial implications of the factors and associated risks can be interrelated. The present invention can provide a consistent and uniform method for business, legal, compliance, credit and other personnel of Financial Institutions to identify and assess risks associated with a transaction. A PRM system 112 allows investment activity risks to be identified, correlated and quantified by a Financial Institution on a confidential basis thereby assessing legal, regulatory, financial and reputational exposure.

Types of transactions that may have risk implications can include, for example, transactions relating to: an individual account, a public company domiciled in a G-7 country or Hong Kong, a public company not domiciled in a G-7 country or Hong Kong, a corporate account regulated by a G-7 agency or a corporate account regulated by a non G-7 government agency, a private company or partnership, a holding company, an intermediary managed account, such as a money manager or hedge fund, a trust or foundation, or other type of legal entity.

A Financial Institution can integrate a PRM system 112 to be part of legal and regulatory oversight for various due diligence and “know your customer” obligations imposed by regulatory authorities. The PRM system 112 can facilitate detection and reporting of potential violations of law as well as address the “suitability” of a Financial Transaction and/or the assessment of sophistication of a customer. Similarly, the PRM system 112 can support a Financial Institution's effort to meet requirements regarding the maintenance of accurate books and records relating to their Financial Transactions and affirmative duty to disclose material issues affecting an investor's decisions.

In some embodiments, a RMC system 106 provides informational data, informational artifacts, and descriptions of informational artifacts generally related to Risks, as updated input into an in-house risk management database that is part of the PRM system 112. The PRM system 112 can allow a Financial Institution, or other Subscriber, to screen one or more Risk Variables, such as for example: a name of any or all current and/or prospective account holder and/or wire transfer receipt/payment party against the data stored in the PRM System 112 on a very low cost and timely basis.

A log or other stored history can be created by the PRM system 112, such that utilization of the system can mitigate adverse effects relating to a problematic account. Mitigation can be accomplished by demonstrating to regulatory bodies, shareholders, news media and other interested parties that corporate governance is being addressed through tangible risk management processes.

Information relating to financial, legal, regulatory and/or reputational risk is received as data into a computer system contained in the PRM system 112 from a source, such as, for example, a RMC system 106, or other source. Informational data received can be related by keyword, fuzzy logic, artificial intelligence programs, full text, numerical value, financial value, coded entry or other well known or proprietary forms of data manipulation. In one embodiment, a periodic update can be transmitted from the RMC system 106 to the PRM system 112, such as an hourly or daily update. In another embodiment, communication between the RMC system 106 and the PRM system 112 can be consistently maintained, thereby allowing constant real-time interaction between the RMC system 106 and the PRM system 112. Real time interaction can enable a Subscriber 121 to access the most recent data available from the RMC system 106. Use of a PRM system 112 can allow the Subscriber 121 to maintain complete privacy regarding data in the PRM system 112, and also maintain complete privacy as to what queries are run against the databases contained in the PRM system 112.

A PRM system 112 can also execute programmable software which will weight risk related informational data in order to calculate a risk quotient or similar score or rating. The risk quotient can include, for example, a scaled numeric or alpha-numeric value.

If a transaction reaches or exceeds a risk quotient threshold, the PRM system 112, or Subscriber 121 can respond with a responsive action 114. A responsive action 114 can include, for example, generating an alert, blocking acceptance of a transaction, creating a report, notifying a compliance department, notifying an authority, or other appropriate response. In addition, the PRM system 112 can create a structured history relating to a transaction that can demonstrate due diligence and proper corporate governance. Reporting can be generated from the structured history. A benefit of the PRM system 112 reporting and quantified risk due diligence 109 lies in the ability to keep all such reporting confidential if desired.

In the case of an automated transaction, such as, for example, execution of an online transaction, a direct feed of information can be implemented from a front end system involved in the transaction to the PRM system 112 or via questions that are presented to a transaction initiator by a programmable robot via a GUI. Questions can relate to a particular type of account, a particular type of client, types of investment, or other criteria. Other prompts or questions can help a Financial Institution ascertain the identity of an account holder and an account's beneficial owner. If there is information indicating that a proposed transaction is related to an account that is beneficially owned by a high risk entity, the Financial Institution may not wish to perform the transaction if it is unable to determine the identity of the high risk entity and his or her relationship to the account holder.

The PRM system 112 can also receive open queries, such as, for example, from Subscriber personnel not necessarily associated with a particular transaction. An open query may, for example, search for information relating to an individual or circumstance not associated with a Financial Transaction and/or provide questions, historical data, world event information and other targeted information to facilitate a determination of risk associated with a risk subject, such as a query regarding an at risk entity's source of wealth or of particular funds involved with an account or transaction in consideration.

A query can also be automatically generated from monitoring transactions being conducted by a Subscriber 121. For example, an information system can electronically scan transaction data for key words, entity names, geographic locales, or other pertinent data. Programmable software can be utilized to formulate a query according to suspect names or other pertinent data and run the query against a database maintained by the PRM system 112. Other methods can include voice queries via a telephone or other voice line, such as voice over internet, fax, electronic messaging, or other means of communication. A query can also include direct input into a PRM system 112, such as through a graphical user interface (GUI) with input areas or prompts.

Prompts or other questions proffered by the PRM system 112 can also depend on previous information received. Information generally received, or received in response to the questions, can be input into the PRM system 112 from which it can be utilized for real time risk assessment and generation of a risk quotient 108.

An alert list containing names and/or terms of interest to a Subscriber can be supplied to the PRM system 112 by a Subscriber 121 or other source. Embodiments can include each list being customized and specific to a Subscriber. The PRM system 112 can continually monitor data in its database via an alert query with key word, fuzzy logic or other search algorithms and transmit related informational data to the interested party. In this manner, ongoing diligence can be conducted. In the event that new information is uncovered by the alert query, the Subscriber can be immediately notified, or notified according to a predetermined schedule. Appropriate action can be taken according to the information uncovered.

A risk assessment or risk quotient 108 can be made available to the Subscriber 121 or personnel interested in the transaction 107. In one embodiment, the risk quotient 108 can be assessed in real time. A real time assessment can allow a Subscriber 121 or other interested party to provide a responsive action 114 and/or execute an action to address a particular risk quotient timely to the circumstances resulting in the risk quotient score 108. A responsive action 114 may include, for example, limiting the scope of a transaction entered into, discontinuing a transaction associated with high risk participants, notifying authorities, or other appropriate actions.

The PRM system 112 can quantify risk due diligence 109 by capturing and storing a record of information received and actions taken relating to a RMC transaction. Once quantified, the due diligence data can be utilized for presentation, as appropriate, to regulatory bodies, shareholders, news media and/or other interested parties; such presentation may be useful to mitigate adverse effects relating to a problematic transaction. The data can demonstrate that corporate governance is being addressed through tangible risk management processes.

In some embodiments, the PRM system 112 can generate a quantitative value indicative of an amount of Risk that is associated with a RMC inquiry such as an inquiry related to a particular transaction or a query related to a particular account holder or account beneficiary. The risk quotient can be based upon a weighted algorithm applied to the risk factors. The risk quotient can be made available on a periodic basis, on demand in real time, in response to an event such as a transaction, or according to some other request. Actions commensurate with a risk level can be presented to assist with proper risk management.

In some embodiments, the PRM system 112 can also calculate or otherwise generate an aggregated risk quotient score 110. An aggregated Risk Quotient score can include a sum of all outstanding Risk associated with a Financial Institution or subset of the Financial Institution, such as a particular department or branch, with a certain type of account or investment vehicle, or with a particular account holder or group of account holders. The risk quotient aggregation 110 can be useful in assessing various levels of risk being tolerated by a Financial Institution. Other calculations, such as, for example, the sum, mean, average, or other calculation can be made to further analyze risk at a Financial Institution. If desired, a rating can be applied to an institution according to the amount of risk tolerated by the institution, such as, for example, the average risk tolerated for a transaction.

Systems

Referring now to FIG. 2, a network diagram illustrating one embodiment of the present invention is shown 200. An automated PRM system 112 can include a computerized RMC server 210 accessible via a distributed network 201 such as the Internet, or a private network. A Subscriber 220-222, regulatory entity 226, remote user 227, or other party interested in risk management, can use a computerized system or network access device 204-207 to receive, input, transmit or view information processed in the RMC server 210. A protocol, such as the transmission control protocol/internet protocol (TCP/IP), can be utilized to provide consistency and reliability.

In addition, a PRM server 211 can access the RMC server 210 via the network 201 or via a direct link 209, such as a T1 line or other high speed pipe. The PRM server 211 can in turn be accessed by an in-house user 222-224 via a system access device 212-214 and a distributed network 201, such as a local area network, or other private network, or even the Internet, if desired. An in-house user 224 can also be situated to access the PRM server 211 via a direct linkage, or any other system architecture conducive to a particular need or situation. In one embodiment, a remote user can access the PRM server 211 via a system access device 204-207 also used to access other services, such as an RMC server 210.

A computerized system or system access device 204-207, 212-214 used to access the PRM system 211 can include a processor, memory and a user input device, such as a keyboard and/or mouse, and a user output device, such as a display screen and/or printer. The system access devices 212-214 can communicate with the PRM server 112 to access data and programs stored at the PRM server 211. The system access device 212-214 may interact with the PRM system 211 as if the PRM system 211 was a single entity in the network 200. However, the PRM system 211 may include multiple processing and database sub-systems, such as cooperative or redundant processing and/or database servers, that can be geographically dispersed throughout the network 200.

The PRM server 211 includes one or more databases 225 storing data relating to proprietary risk management. The PRM server 211 may interact with and/or gather data from an operator of a system access device 220-224, 226, 227 or other source, such as from the RMC server 210. Data received may be structured according to risk criteria and utilized to calculate a risk quotient 108.

Typically an in-house user 222-224 or other user will access the PRM server 211 using client software executed at a system access device 212-214. The client software may include a generic hypertext markup language (HTML) browser, such as Netscape Navigator or Microsoft Internet Explorer (a “WEB browser”). The client software may also be a proprietary browser, and/or other host access software. In some cases, an executable program, such as a Java™ program, may be downloaded from the PRM server 211 to the client computer and executed at the system access device or computer as part of the PRM software. Other implementations include proprietary software installed from a computer readable medium, such as a CD ROM. The invention may therefore be implemented in digital electronic circuitry, computer hardware, firmware, software, or in combinations of the above. Apparatus of the invention may be implemented in a computer program product tangibly embodied in a machine-readable storage device for execution by a programmable processor; and method steps of the invention may be performed by a programmable processor executing a program of instructions to perform functions of the invention by operating on input data and generating output.

Methods

Referring now to FIG. 3, steps are illustrated which may be taken to implement various embodiments of the present invention and manage risk associated with a Financial Transaction. At 310, the steps can include gathering information relating to risk entities and other risk variables and receiving the gathered information into a PRM server 211. Informational data can be gathered from a user such as a Financial Institution employee, from a source of electronic data such as an external database, messaging system, news feed, government agency, from any other automated data provider, from a party to a transaction, or other source. Typically, the PRM server 211 will receive data relating to a transactor, beneficiary or other associated party. The informational data can also include data descriptive of informational artifacts with content related to one or more types of Risk, such as for example: Reputational Risk, Regulatory Risk and Legal Risk. In some embodiments, the informational data can be received on an ongoing basis such that if new events occur in the world that affect the exposure of a transactor, the calculated risk can be adjusted accordingly.

At 311, informational data can also be received from a RMC system 106 or other provider of risk management related data. In some embodiments, information received from a RMC system 106 can be structured according to risk variables and readily imported into a risk management database included as part of a PRM system 112. Data received from a RMC system 106 can include a periodic data dump, such as a download of any data fields that are new or modified since a previous data download. A data download can be executed, for example, on an hourly, daily, or monthly basis or other periodic schedule.

In addition to the types and sources of information listed previously that can provide indications of high risk, the Financial Institution or compliance entity can receive information that relates to requests to involve a Financial Institution that is not accustomed to foreign account activity; requests for secrecy or exceptions to Bank Secrecy Act requirements, routing through a secrecy jurisdiction, or missing wire transfer information; unusual and unexplained fund or transaction activity, such as fund flow through several jurisdictions or Financial Institutions, use of a government-owned bank, excessive funds or wire transfers, rapid increase or decrease of funds or asset value not attributable to the market value of investments, high value deposits or withdrawals, wires of the same amount of funds into and out of the account, and frequent zeroing of account balance; and large currency or bearer transactions, or structuring of transactions below reporting thresholds. Other information can include activities a person or entity is involved in, associates of a transactor, governmental changes, attempting to open more than one account in the same time proximity, or other related events.

Sources of information that supply informational data to a PRM server 211 or to a RMC server 210 can include, for example, publications issued by Treasury's Financial Crimes Enforcement Network (“FinCEN”), the State Department, the CIA, the General Accounting Office, Congress, the Financial Action Task Force (“FATF”), various international Financial Institutions (such as the World Bank and the International Monetary Fund), the United Nations, other government and non-government organizations, internet websites, news feeds, commercial databases, or other information sources.

A RMC server 210 can also be accessed in real time, or on a transaction by transaction basis. In the real time embodiment, any changes to data in the RMC may be automatically forwarded to an in-house PRM system 112. On a transaction by transaction basis, the RMC server 210 can be queried for specific data that relates to variables associated with a particular transaction.

At 312, all data received can be combined in the PRM server 112 to create an aggregate source of data which can be accessed to perform risk management activities. The step of combining data can be useful for aggregating public information received from a RMC system 106 type information provider with proprietary information contained in the PRM system 112. Combining data can be accomplished by any known data manipulation method. For example, the data can be maintained in separate tables and linked with relational linkages, or the data can be gathered into one comprehensive table or other data structure.

At 313, the information received as data can be structured according to defined risk variables. Risk variables are used to calculate an indicator of risk, such as a risk quotient score 108. For example, information received can be associated with one or more variables including a position held by the account holder or other transactor, the country in which the position is held, how long the position has been held, the strength of the position, the veracity of previous dealings with persons from that country, the propensity of people in similar positions to execute unlawful or unethical transactions, the type of transaction or other criteria.

At 314, a risk quotient score 108 can be calculated as a result of the analysis of the variables. For example, one method for calculating risk quotient 108 can include generating a numerical value or other scaled weighting that is resultant to particular information being associated with a variable. The scaled weighting is representative of a degree of risk experienced as a result of that particular information being associated with that variable. In addition, the scaled weighting can be adjusted higher or lower, or otherwise re-weighted, depending upon information received that relates to another risk variable if the risk variables can have an effect upon each other. In this manner complex associations can be developed between variables, and algorithms can be developed that reflect those associations.

For example, in one embodiment, a Risk quotient 108 can be calculated by weighting information received according to its importance in determining high Risk activities, such as the likelihood of illegal or unethical dealings. Calculating a risk quotient 108 can be accomplished by assigning a numerical value to each field of information, wherein the numerical value is representative of the Risk associated with that particular piece of information. Therefore, it may be determined in one case that a government official from a G-7 country trading equities in a public company from a G-7 country poses minimal Risk. This information from the first case is assigned a low numerical value, or even a negative numerical value. In a second case, an individual who appears on a list generated by the FATF and is attempting to transact in a corporate holding company may be viewed as a high risk. In another case, information conveying this high risk may be assigned a high numerical value. In addition, a weight can be assigned to a variable to which the information is assigned. Therefore a designated country may receive a higher weight than the position held, or vice versa. A Risk Quotient 108 can be calculated by multiplying a weighted numerical value of the specific information times the category weighting.

Similarly, information received may indicate that a transactor is a high ranking finance official from a G7 country. Other information may relate to an ownership variable which indicates that the ownership structure of a company the transactor wishes to transact is a public entity. A public entity may receive a numerical value of −5 because it is a relatively low risk ownership structure. In addition, this information may be included in a Company Profile variable, wherein the Company Profile is assigned a variable weighting of 3; in this case, a variable weighting cannot be a negative value. Therefore, the net score for this ownership structure can be calculated to be −5 times 3 or −15. Similarly, the transactor or associated account holder being a high ranking official from a G-7 country may also receive a low number such as 1. The risk quotient for the transactor would be 1 times 3, or 3. All scores within the Company Profile can be summed to calculate a RMC risk quotient. In this case the RMC risk quotient is −15+3 which equals −12, indicating a low risk. Weighted risk scores from all associated categories can be summed to calculate a total Risk Quotient Score 108.

At 315, a request for clearing risk can be received by the PRM system 112 as part of a normal course of business, such as before consummating a Financial Transaction, or upon request. Risk clearing that is part of a normal course of business may simply look for a risk quotient 108 or other risk rating to be below a threshold. Depending upon a level of risk calculated as well as the reasons for the risk calculation, at 316, a responsive action 114 can be generated that is commensurate with the level of risk and the underlying reasons.

As an example, in response to a high risk score, a responsive action 114 may recommend that a Financial Institution not proceed with a transaction, or that an appropriate authority be notified. In response to a low risk score, the Financial Institution may respond by completing a transaction as usual. Intermediate scores may respond by suggesting that additional information be gathered, that transactions for this account be monitored or other interim measures.
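The weighted calculation described above, as an added example in Python (not code from the patent): it reproduces the Company Profile figures from the text (-5 times 3 and 1 times 3, summing to -12), applies an adjustment between two risk variables, and maps the score to a responsive action. The second case's values, the "Transactor" category and its weight, the interaction rule and the thresholds 0 and 50 are assumptions chosen for illustration.

```python
from dataclasses import dataclass, replace
from statistics import mean


@dataclass(frozen=True)
class Finding:
    """One piece of information assigned to a risk variable."""
    category: str   # weighted category, e.g. "Company Profile"
    variable: str   # risk variable within the category
    info: str       # the information received
    value: float    # numerical value of that information; may be negative


@dataclass(frozen=True)
class Interaction:
    """Re-weighting rule: when `trigger` is present, shift `target` by `delta`."""
    trigger: tuple  # (variable, info) that must be present
    target: str     # variable whose value is adjusted
    delta: float


def adjust(findings, interactions):
    """Return findings whose values are re-weighted by the rules that apply."""
    present = {(f.variable, f.info) for f in findings}
    adjusted = []
    for f in findings:
        delta = sum(r.delta for r in interactions
                    if r.target == f.variable and r.trigger in present)
        adjusted.append(replace(f, value=f.value + delta))
    return adjusted


def category_scores(findings, weights):
    """Sum (value * category weight) per category; weights cannot be negative."""
    scores = {}
    for f in findings:
        weight = weights[f.category]
        if weight < 0:
            raise ValueError(f"negative weight for category {f.category!r}")
        scores[f.category] = scores.get(f.category, 0) + f.value * weight
    return scores


def risk_quotient(findings, weights, interactions=()):
    """Total score: adjusted values, weighted per category, summed over categories."""
    return sum(category_scores(adjust(findings, interactions), weights).values())


def responsive_action(score, low=0, high=50):
    """Map a score to an action; the thresholds are assumed, not from the text."""
    if score >= high:
        return "do not proceed; notify appropriate authority"
    if score > low:
        return "gather additional information; monitor account"
    return "complete transaction as usual"


def aggregate(scores):
    """Aggregated risk quotient across transactions: sum and mean."""
    return {"sum": sum(scores), "mean": mean(scores)}


# Category weights. 3 for Company Profile is from the text; 4 is assumed.
WEIGHTS = {"Company Profile": 3, "Transactor": 4}

# First case, using the values given in the text.
CASE_1 = [
    Finding("Company Profile", "ownership_structure", "public entity", -5),
    Finding("Company Profile", "transactor_position", "high ranking G-7 official", 1),
]
# Second case; the values 9 and 6 are constructed for illustration.
CASE_2 = [
    Finding("Transactor", "watch_list", "FATF list", 9),
    Finding("Company Profile", "ownership_structure", "corporate holding company", 6),
]
# Assumed rule: a FATF-listed transactor raises the ownership-structure value by 2.
RULES = [Interaction(("watch_list", "FATF list"), "ownership_structure", 2)]

if __name__ == "__main__":
    for name, case in (("case 1", CASE_1), ("case 2", CASE_2)):
        score = risk_quotient(case, WEIGHTS, RULES)
        print(name, score, responsive_action(score))
```
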

Once generated, risk management tools, such as the risk quotient 108, responsive action 114, and transaction related information, can be transmitted to an appropriate user. Typically, the risk management tools will be transmitted from the PRM server 211 to a PRM system access device 213-214; however, a Subscriber 220-221, or other user 226-227 that is remote to the PRM server may also submit risk management requests and receive risk management tools via a distributed network 201 or via voice, facsimile or other communication.

At 318, the PRM server 211 can also store in memory, or otherwise archive, Risk management related data and proceedings. For example, the PRM server 211 can store information received, a risk quotient generated 108, and/or any responsive action 114 taken. Archived management related data and proceedings can be useful to quantify corporate governance and diligent efforts to address high risk situations. Accordingly, at 319, reports quantifying PRM risk management procedures, executed due diligence, corporate governance, as well as informational data and informational artifacts considered, or other matters can be generated.

Referring now to FIG. 4, a flow chart illustrates additional steps that can be implemented to manage risk associated with a transaction. At 410, a Subscriber can receive information relating to one or more risk variables such as, for example, a Transaction Participant associated with a Financial Transaction. This information may be received during the normal course of business, such as when Transaction Participants are ascertained. At 411, the Subscriber can access a PRM server 211 and identify to the PRM server 211 one or more entities, jurisdictions, or other Risk Variables involved in the transaction. Access can be accomplished by opening a dialogue with a PRM system 211 with a network access device 204-207, 212-214. Typically, the dialogue would be opened by presenting a GUI to a network access device accessible by a person or an electronic feed that will enter information relating to the transactor. The GUI will be capable of accepting data input via a network access device. An example of a GUI would include a series of questions relating to a transaction. Alternatively, information can be received directly into fields of a database, such as from a commercial data source. Questions can be fielded during a transaction, or at any other opportunity to gather information.

In one embodiment, automated monitoring software can run in the background of a normal transaction program and screen data traversing an application. The screened data can be processed to determine key words wherein the key words can in turn be presented to the PRM server 211 as risk variables. The PRM server 211 will process the key words to identify entities or other risk variables. Monitoring software can also be installed to screen data traversing a network or communications link.

At 412, the Subscriber can receive back information relating to one or more Risks associated with conducting a transaction involving the submitted Risk Variables. In one embodiment, a Subscriber can receive ongoing monitoring of key words, identified entities, a geographic location, or other subject, or list of subjects. Any updated information or change of status detected via an ongoing monitoring can result in an alarm or other alert being sent to one or more appropriate users.
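The alert query and key word screening described above, as an added example in Python (not code from the patent): each Subscriber's alert list is run against transaction text with both exact key word matching and a fuzzy comparison. The patent does not name a fuzzy algorithm; `difflib.SequenceMatcher` and the 0.85 threshold are assumptions, and all records, names and list entries are constructed sample data.

```python
import difflib
import re
import unicodedata


def normalize(text):
    """Lower-case, strip accents and punctuation, collapse whitespace."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = re.sub(r"[^a-z0-9 ]+", " ", text.lower())
    return " ".join(text.split())


def best_match(term, text):
    """Best similarity of `term` against same-length word windows of `text`."""
    term_n = normalize(term)
    width = len(term_n.split())
    if width == 0:
        return 0.0, ""  # an empty alert term never matches
    tokens = normalize(text).split()
    best_ratio, best_window = 0.0, ""
    for i in range(len(tokens) - width + 1):
        window = " ".join(tokens[i:i + width])
        ratio = difflib.SequenceMatcher(None, term_n, window).ratio()
        if ratio > best_ratio:
            best_ratio, best_window = ratio, window
    return best_ratio, best_window


def screen(record, alert_list, threshold=0.85):
    """Return one hit per alert term found in the record, exact or fuzzy."""
    hits = []
    for term in alert_list:
        ratio, window = best_match(term, record["text"])
        if ratio >= threshold:
            hits.append({
                "record_id": record["id"],
                "term": term,
                "matched": window,
                "kind": "exact" if ratio == 1.0 else "fuzzy",
                "ratio": round(ratio, 3),
            })
    return hits


def alert_query(records, alert_lists, threshold=0.85):
    """Run every Subscriber's own alert list over the records.

    alert_lists maps subscriber -> list of terms; the result maps
    subscriber -> hits, so each party is notified only about its own terms.
    """
    results = {}
    for subscriber, terms in alert_lists.items():
        hits = []
        for record in records:
            hits.extend(screen(record, terms, threshold))
        results[subscriber] = hits
    return results


# Constructed sample data; none of these names or ids come from the patent.
RECORDS = [
    {"id": "T-1001",
     "text": "Wire transfer to Ivan Petrof, beneficiary account at Northwind Trading"},
    {"id": "T-1002",
     "text": "Payroll batch for Contoso staff, March"},
    {"id": "T-1003",
     "text": "Invoice settlement: ACME Holdings Ltd., routed via secrecy jurisdiction"},
]
ALERT_LISTS = {
    "subscriber_a": ["Ivan Petrov", "Acme Holdings"],
    "subscriber_b": ["secrecy jurisdiction"],
}

if __name__ == "__main__":
    for subscriber, hits in alert_query(RECORDS, ALERT_LISTS).items():
        for hit in hits:
            print(subscriber, hit)
```

The fuzzy hit on the misspelled name in T-1001 is the case plain key word matching would miss; lowering the threshold trades missed matches for more false alerts that an analyst has to clear.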

At 413, the user can also receive a risk quotient. As addressed more completely above, the risk quotient is typically a scaled numerical score based upon values for weighted criteria. It will represent a magnitude of risk associated with a particular transaction and can be based upon the participants involved in a transaction, the type of transaction, the state sovereignties involved, an amount of money involved in the transaction, or other risk variables.

At 414, in addition to receiving a risk quotient, a user can also receive one or more responsive actions from a PRM server 211. A suggested action based upon informational data and informational artifacts can include steps that can be taken by the Financial Institution or other user to address a risk that is associated with the transaction. At 415, if appropriate, a user can request identification of a source of informational data or an informational artifact and at 416, receive identification of a source of informational data or informational artifact. The source may be useful to pursue more details relating to the informational data and/or informational artifact, or may just be utilized to help determine the credibility of the information received.

At 417, a user can also cause an archive to be created relating to Risk management. An archive may include, for example, information received relating to Risk associated with a Financial Transaction, as well as steps taken to address the Risk, and a Risk Quotient. In addition, at 418, the user can cause a PRM server 211 to generate reports that can include, for example, a description of related informational data and informational artifacts and otherwise document actions taken to address due diligence relating to Risk management.

Referring now to FIG. 5, an exemplary GUI for displaying information related to PRM is illustrated 500. The GUI can include areas prompting for information, such as in the form of a key word or a question 501. Areas can also be included for an appropriate response 506. The area for an appropriate response 506 can, for example, receive text, allow a selection from choices proffered, or otherwise receive data into the PRM server 211. A programmable user interactive device, such as a checkbox, X field, yes/no field or other device 503-505 can also be utilized to indicate an answer, or otherwise input information. Other programmable devices, such as programmable icons, hyperlinks, push buttons or other devices 502 can be utilized to execute a particular function. A category weighting area 507 can also be included on the GUI 500. Typically the weighting will be predetermined. However, if desired the weighting can be modified by a user such that a weighting value, such as a numerical value, will be utilized to calculate a risk quotient. The PRM GUI 500 can also include an area for displaying a quotient score relating to the transaction 508.

Referring now to FIG. 6, an exemplary GUI for presenting reports or suggested actions related to PRM is illustrated 600. The GUI for presenting reports 600 can include geographic areas of a user interface containing risk management procedures 601, including those procedures specifically followed in relation to a particular PRM query or other suggested actions. Additional areas can include a list of electronic or hardcopy reports available concerning risk management efforts undertaken 602. Another area can include a list of risk quotients and/or calculations concerning a risk quotient, such as the average risk quotient for the financial institution, or the mean risk quotient 603. Still another area can contain information descriptive of a particular transactor or other PRM risk subject 604.

A number of embodiments of the present invention have been described. Nevertheless, it will be understood that various modifications may be made without departing from the spirit and scope of the invention. For example, network access devices 204-208 can comprise a personal computer executing an operating system such as Microsoft Windows™, Unix™, or Apple Mac OS™, as well as software applications, such as a JAVA program or a web browser. Network access devices 204-208 can also be a terminal device, a palm-type computer, mobile WEB access device, a TV WEB browser or other device that can adhere to a point-to-point or network communication protocol such as the Internet protocol. Computers and network access devices can include a processor, RAM and/or ROM memory, a display capability, an input device and hard disk or other relatively permanent storage. Accordingly, other embodiments are within the scope of the following claims.

1-21. (canceled)
 22. A computer system implemented method for managing risk, the method comprising: receiving into the computer system data descriptive of informational artifacts having content related to at least one of: reputational risk, regulatory risk, and legal risk; defining, within the computer system, risk variables based on the data descriptive of the informational artifacts, wherein the risk variables are generally related to one or more financial transactions; receiving, into the computer system, proprietary data relating to a particular financial transaction; identifying, by the computer system, at least two of the risk variables associated with the particular financial transaction; generating, by the computer system, a numerically weighted value for each of the at least two risk variables, wherein each numerically weighted value indicates a degree of risk associated with the respective risk variable; adjusting, by the computer system, the numerically weighted values based on one or more relationships between the at least two risk variables; calculating, by the computer system, a risk quotient based on the adjusted numerically weighted values; and generating a report comprising the risk quotient and a description of the informational artifacts associated with the at least two risk variables.
 23. The method of claim 22 wherein the risk quotient comprises a quantitative indication of at least one of: reputational risk, regulatory risk, and legal risk, associated with the particular financial transaction.
 24. The method of claim 22, wherein the data descriptive of the informational artifacts is received from a risk management clearinghouse data provider.
 25. The method of claim 22 further comprising generating a suggested action based on the informational artifacts associated with the at least two risk variables.
 26. The method of claim 25 wherein the suggested action is directed toward reducing risk.
 27. The method of claim 25 further comprising recalculating the risk quotient based upon implementation of the suggested action.
 28. The method of claim 25 wherein the suggested action comprises refusing to perform a transaction.
 29. The method of claim 25 wherein the suggested action comprises blocking opening of an account.
 30. The method of claim 25 wherein the suggested action comprises notifying a law enforcement authority.
 31. The method of claim 22 wherein the data descriptive of a particular financial transaction comprises an identity of a secrecy jurisdiction.
 32. The method of claim 22 wherein receiving the proprietary data relating to a particular financial transaction comprises screening data traversing a network or communications link.
 33. A system for managing regulatory and reputational risk, the system comprising: a memory storing computer executable instructions; and a computer processor configured to execute the instructions to: receive data descriptive of informational artifacts having content related to at least one of: reputational risk, regulatory risk, and legal risk; define risk variables based on the data descriptive of the informational artifacts, wherein the risk variables are generally related to one or more financial transactions; receive proprietary data relating to a particular financial transaction; identify at least two of the risk variables associated with the particular financial transaction; generate a numerically weighted value for each of the at least two risk variables, wherein each numerically weighted value indicates a degree of risk associated with the respective risk variable; adjust the numerically weighted values based on one or more effects the at least two risk variables can have upon each other; calculate a risk quotient based on the adjusted numerically weighted values; and generate a report comprising the risk quotient and a description of the informational artifacts associated with the at least two risk variables.
 34. The system of claim 33, wherein the data descriptive of the informational artifacts is received from a risk management clearinghouse data provider.
 35. The system of claim 33 wherein the computer processor further executes the instructions to generate a suggested action based on the informational artifacts associated with the at least two risk variables.
 36. The system of claim 35 wherein the suggested action is directed toward reducing risk.
 37. The system of claim 35 wherein the suggested action comprises refusing to perform a transaction.
 38. The system of claim 35 wherein the suggested action comprises blocking opening of an account.
 39. The system of claim 33 wherein the data descriptive of a particular financial transaction comprises an identity of a secrecy jurisdiction.
 40. The system of claim 33 further comprising calculating an average risk quotient for multiple financial transactions associated with a financial institution.
 41. A non-transitory computer-readable medium comprising computer readable instructions that, when executed by one or more computer processors, direct the one or more computer processors to: receive data descriptive of informational artifacts having content related to at least one of: reputational risk, regulatory risk, and legal risk; define risk variables based on the data descriptive of the informational artifacts, wherein the risk variables are generally related to one or more financial transactions; receive proprietary data relating to a particular financial transaction; identify at least two of the risk variables associated with the particular financial transaction; generate a numerically weighted value for each of the at least two risk variables, wherein each numerically weighted value indicates a degree of risk associated with the respective risk variable; adjust the numerically weighted values based on one or more relationships between the at least two risk variables; calculate a risk quotient based on the adjusted numerically weighted values; and generate a report comprising the risk quotient and a description of the informational artifacts associated with the at least two risk variables.
 42. The computer-readable medium of claim 41 wherein the instructions further direct the one or more computer processors to generate a suggested action based on the informational artifacts associated with the at least two risk variables.